YPYogesh Peelainexploitnotes.hashnode.dev00HackTheBox - Snapped Writeup3h ago · 9 min read · Difficulty: Medium OS: Linux Tags: nginx-ui CVE-2026-27944 backup-disclosure bcrypt snapd CVE-2026-3888 race-condition suid privilege-escalation Reconnaissance We begin with a standard nmap scan to Join discussion
YPYogesh Peelainexploitnotes.hashnode.dev00HackTheBox - Abducted Writeup4d ago · 10 min read · Difficulty: Medium Reconnaissance Nmap nmap -sC -sV -A <MACHINE-IP> -oA abducted PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.16 139/tcp open netbios-sJoin discussion
JJebitokinsharonjebitok.com00Metasploit: Scanning and Exploitation (TryHackMe)Jun 4 · 37 min read · Link to the Walkthrough/Challenge on TryHackMe: Metasploit: Scanning and Exploitation Introduction In the previous room, you learned how to navigate the Metasploit Framework: searching for modules, coJoin discussion
JJebitokinsharonjebitok.com00CVE-2026-31431: Copy-Fail (TryHackMe) Jun 2 · 22 min read · Link to the walkthrough in TryHackMe: CVE-2026-31431: Copy-Fail Introduction Most local privilege escalation exploits are fragile. They depend on precise kernel version offsets, require winning a raceJoin discussion
TTuannqinblogs.night-wolf.io10From Privilege Escalation to RCE in Wiki.jsMay 21 · 11 min read · I was poking around Wiki.js 2.5.312 one afternoon — as one does — when I found two vulnerabilities that chain together beautifully to turn a wiki moderator into a root shell. One report got accepted. Join discussion
MBMouhamed Ben Abdallahinerinmin-writeups.hashnode.dev00Unprotected Admin FunctionalityMay 12 · 8 min read · Platform: PortSwigger Web Security Academy Category: Access Control / Vertical Privilege Escalation Difficulty: Apprentice Tool(s): Browser only Date: 12/05/2026 Overview This lab demonstrates a verJoin discussion
APAmal PKinblog.amalpk.in00Hackthebox Fluffy Walkthrough — Windows Seasonal BoxMay 8 · 7 min read · Fluffy is a realistic Windows Active Directory (AD) machine on Hack The Box's Seasonal track that simulates a corporate environment with common misconfigurations and vulnerabilities often seen in realJoin discussion
JJebitokinsharonjebitok.com00Anonforce May 6 · 7 min read · Anonforce is a TryHackMe machine that focuses on FTP misconfiguration, PGP encryption, and password cracking. The box exposes an FTP server with anonymous login enabled, granting access to the entire Join discussion
PKPrashantkumar Khatriinrootcause.hashnode.dev00Why You Should Never Run Containers as RootMay 6 · 8 min read · TL;DR Root inside a container is UID 0 on the host kernel. The namespace hides the host filesystem, it does not hide your privileges. A container running as root with a volume mount can read and wriJoin discussion
JJebitokinsharonjebitok.com00 Cooctus Stories (TryHackMe)May 6 · 14 min read · Cooctus Adventures is a TryHackMe challenge that follows the Overpass storyline, where an insider threat helped the Cooctus Clan compromise Overpass. The objective is to infiltrate their private serveJoin discussion
